From 47500ceef4b913ef3f923c6dd98291ea01fec5f2 Mon Sep 17 00:00:00 2001 
From: Jon Siwek Date: Wed, 10 Aug 2011 15:03:14 -0500 Subject: [PATCH] Add a test that checks each individual script can be loaded in bare-mode. Fixed most @load dependency issues in the process. The test is still failing in a "known" way due to hot.conn.bro and scan.bro. Adressess #545 --- scripts/base/frameworks/cluster/main.bro | 3 ++- scripts/base/frameworks/cluster/nodes/manager.bro | 2 ++ scripts/base/frameworks/cluster/nodes/worker.bro | 1 + scripts/base/frameworks/cluster/setup-connections.bro | 3 +++ scripts/base/frameworks/communication/main.bro | 2 ++ scripts/base/frameworks/intel/main.bro | 2 ++ scripts/base/frameworks/metrics/main.bro | 2 ++ scripts/base/frameworks/notice/actions/drop.bro | 4 +++- scripts/base/frameworks/notice/actions/email_admin.bro | 4 +++- scripts/base/frameworks/notice/actions/page.bro | 3 ++- .../base/frameworks/notice/extend-email/hostnames.bro | 5 +++-- scripts/base/frameworks/notice/weird.bro | 3 +++ scripts/base/frameworks/packet-filter/main.bro | 2 ++ scripts/base/frameworks/packet-filter/netstats.bro | 2 ++ scripts/base/frameworks/signatures/main.bro | 2 ++ scripts/base/frameworks/software/main.bro | 3 +++ scripts/base/protocols/conn/contents.bro | 2 ++ scripts/base/protocols/conn/main.bro | 1 + scripts/base/protocols/dns/main.bro | 1 + scripts/base/protocols/ftp/file-extract.bro | 5 ++++- scripts/base/protocols/ftp/main.bro | 4 ++++ scripts/base/protocols/http/file-extract.bro | 4 ++++ scripts/base/protocols/http/file-hash.bro | 2 ++ scripts/base/protocols/http/file-ident.bro | 5 +++++ scripts/base/protocols/http/main.bro | 1 + scripts/base/protocols/http/partial-content.bro | 4 ++++ scripts/base/protocols/http/utils.bro | 2 ++ scripts/base/protocols/irc/dcc-send.bro | 3 +++ scripts/base/protocols/mime/__load__.bro | 8 ++++---- scripts/base/protocols/mime/base.bro | 2 +- scripts/base/protocols/mime/file-extract.bro | 6 +++--- scripts/base/protocols/mime/file-hash.bro | 5 +++-- scripts/base/protocols/mime/file-ident.bro | 2 
+- scripts/base/protocols/rpc/base.bro | 2 ++ scripts/base/protocols/smtp/main.bro | 3 +++ scripts/base/protocols/ssh/main.bro | 4 ++++ scripts/base/protocols/ssl/main.bro | 2 ++ scripts/base/protocols/ssl/mozilla-ca-list.bro | 2 +- scripts/base/utils/directions-and-hosts.bro | 1 + scripts/policy/frameworks/communication/listen-clear.bro | 2 ++ scripts/policy/frameworks/communication/listen-ssl.bro | 2 ++ scripts/policy/frameworks/control/controllee.bro | 2 +- scripts/policy/frameworks/control/controller.bro | 4 +++- scripts/policy/frameworks/dpd/detect-protocols.bro | 4 ++++ scripts/policy/frameworks/dpd/packet-segment-logging.bro | 2 ++ scripts/policy/frameworks/metrics/conn-example.bro | 4 +++- scripts/policy/frameworks/metrics/http-example.bro | 6 ++++-- scripts/policy/frameworks/metrics/ssl-example.bro | 5 +++-- scripts/policy/frameworks/software/version-changes.bro | 2 ++ scripts/policy/frameworks/software/vulnerable.bro | 4 +++- scripts/policy/integration/barnyard2/__load__.bro | 5 ++--- scripts/policy/integration/barnyard2/base.bro | 2 +- scripts/policy/integration/barnyard2/event.bro | 3 --- scripts/policy/integration/barnyard2/types.bro | 9 ++++++++- scripts/policy/protocols/conn/known-hosts.bro | 2 ++ scripts/policy/protocols/conn/known-services.bro | 2 ++ scripts/policy/protocols/conn/scan.bro | 2 +- scripts/policy/protocols/dns/auth-addl.bro | 1 + scripts/policy/protocols/dns/detect-external-names.bro | 3 +++ scripts/policy/protocols/ftp/detect.bro | 4 +++- scripts/policy/protocols/ftp/software.bro | 2 ++ scripts/policy/protocols/http/detect-MHR.bro | 5 +++++ scripts/policy/protocols/http/detect-intel.bro | 6 +++++- scripts/policy/protocols/http/detect-sqli.bro | 6 +++++- scripts/policy/protocols/http/detect-webapps.bro | 4 ++++ scripts/policy/protocols/http/headers.bro | 2 ++ scripts/policy/protocols/http/software.bro | 4 +++- scripts/policy/protocols/http/var-extraction-cookies.bro | 3 +++ scripts/policy/protocols/http/var-extraction-uri.bro | 3 +++ 
scripts/policy/protocols/smtp/detect-suspicious-orig.bro | 2 ++ scripts/policy/protocols/smtp/software.bro | 3 +++ scripts/policy/protocols/ssh/software.bro | 1 + scripts/policy/protocols/ssl/known-certs.bro | 1 + scripts/policy/protocols/ssl/validate-certs.bro | 2 ++ .../tuning/defaults/remove-high-volume-notices.bro | 3 +++ scripts/policy/tuning/defaults/warnings.bro | 4 +++- scripts/policy/tuning/track-all-assets.bro | 2 +- scripts/test-all-policy.bro | 1 - .../policy.misc.bare-mode-coverage/unique_errors | 0 testing/btest/policy/misc/bare-mode-coverage.test | 8 ++++++++ testing/btest/policy/misc/check-bare-test-all-policy.bro | 7 ------- 81 files changed, 203 insertions(+), 50 deletions(-) delete mode 100644 scripts/policy/integration/barnyard2/event.bro create mode 100644 testing/btest/Baseline/policy.misc.bare-mode-coverage/unique_errors create mode 100644 testing/btest/policy/misc/bare-mode-coverage.test delete mode 100644 testing/btest/policy/misc/check-bare-test-all-policy.bro diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro index 0fc793e7f5..7b277769fb 100644 --- a/scripts/base/frameworks/cluster/main.bro +++ b/scripts/base/frameworks/cluster/main.bro @@ -1,3 +1,4 @@ +@load base/frameworks/control/main module Cluster; @@ -65,4 +66,4 @@ event bro_init() } Log::create_stream(CLUSTER, [$columns=Info]); - } \ No newline at end of file + } diff --git a/scripts/base/frameworks/cluster/nodes/manager.bro b/scripts/base/frameworks/cluster/nodes/manager.bro index c9ce8c2d1a..d52078cc7c 100644 --- a/scripts/base/frameworks/cluster/nodes/manager.bro +++ b/scripts/base/frameworks/cluster/nodes/manager.bro @@ -8,6 +8,8 @@ ##! This is where the cluster manager sets it's specific settings for other ##! frameworks and in the core. +@load base/frameworks/notice/main + @prefixes += cluster-manager ## Turn off remote logging since this is the manager and should only log here. 
diff --git a/scripts/base/frameworks/cluster/nodes/worker.bro b/scripts/base/frameworks/cluster/nodes/worker.bro index cf8620c5d7..eb0c271a17 100644 --- a/scripts/base/frameworks/cluster/nodes/worker.bro +++ b/scripts/base/frameworks/cluster/nodes/worker.bro @@ -1,3 +1,4 @@ +@load base/frameworks/notice/main @prefixes += cluster-worker diff --git a/scripts/base/frameworks/cluster/setup-connections.bro b/scripts/base/frameworks/cluster/setup-connections.bro index 04d474e604..956a6194f4 100644 --- a/scripts/base/frameworks/cluster/setup-connections.bro +++ b/scripts/base/frameworks/cluster/setup-connections.bro @@ -1,3 +1,6 @@ +@load ./main +@load base/frameworks/communication/main + module Cluster; event bro_init() &priority=9 diff --git a/scripts/base/frameworks/communication/main.bro b/scripts/base/frameworks/communication/main.bro index 73e6086f97..270c3102e2 100644 --- a/scripts/base/frameworks/communication/main.bro +++ b/scripts/base/frameworks/communication/main.bro @@ -1,6 +1,8 @@ ##! Connect to remote Bro or Broccoli instances to share state and/or transfer ##! events. +@load base/frameworks/packet-filter/main + module Communication; export { diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro index 9849d4df42..886d5f2f16 100644 --- a/scripts/base/frameworks/intel/main.bro +++ b/scripts/base/frameworks/intel/main.bro @@ -20,6 +20,8 @@ # canary # friend +@load base/frameworks/notice/main + module Intel; export { diff --git a/scripts/base/frameworks/metrics/main.bro b/scripts/base/frameworks/metrics/main.bro index 29f18ab824..a8fa805a31 100644 --- a/scripts/base/frameworks/metrics/main.bro +++ b/scripts/base/frameworks/metrics/main.bro @@ -1,5 +1,7 @@ ##! This is the implementation of the metrics framework. +@load base/frameworks/notice/main + module Metrics; export { diff --git a/scripts/base/frameworks/notice/actions/drop.bro b/scripts/base/frameworks/notice/actions/drop.bro index fc1f608f9f..0116dd4ed4 100644 
--- a/scripts/base/frameworks/notice/actions/drop.bro +++ b/scripts/base/frameworks/notice/actions/drop.bro @@ -1,6 +1,8 @@ ##! This script extends the built in notice code to implement the IP address ##! dropping functionality. +@load ../main + module Notice; export { @@ -31,4 +33,4 @@ event bro_init() }; add Notice::sync_functions[drop_func]; - } \ No newline at end of file + } diff --git a/scripts/base/frameworks/notice/actions/email_admin.bro b/scripts/base/frameworks/notice/actions/email_admin.bro index 07a6568327..56c0d5853d 100644 --- a/scripts/base/frameworks/notice/actions/email_admin.bro +++ b/scripts/base/frameworks/notice/actions/email_admin.bro @@ -1,3 +1,5 @@ +@load ../main +@load base/utils/site module Notice; @@ -25,4 +27,4 @@ event notice(n: Notice::Info) &priority=-5 if ( email != "" ) email_notice_to(n, email, T); } - } \ No newline at end of file + } diff --git a/scripts/base/frameworks/notice/actions/page.bro b/scripts/base/frameworks/notice/actions/page.bro index 059a92c0c9..f88064ac47 100644 --- a/scripts/base/frameworks/notice/actions/page.bro +++ b/scripts/base/frameworks/notice/actions/page.bro @@ -1,3 +1,4 @@ +@load ../main module Notice; @@ -16,4 +17,4 @@ event notice(n: Notice::Info) &priority=-5 { if ( ACTION_PAGE in n$actions ) email_notice_to(n, mail_page_dest, F); - } \ No newline at end of file + } diff --git a/scripts/base/frameworks/notice/extend-email/hostnames.bro b/scripts/base/frameworks/notice/extend-email/hostnames.bro index 83cdc4807d..b7be601db0 100644 --- a/scripts/base/frameworks/notice/extend-email/hostnames.bro +++ b/scripts/base/frameworks/notice/extend-email/hostnames.bro @@ -1,3 +1,4 @@ +@load ../main module Notice; @@ -8,7 +9,7 @@ event Notice::notice(n: Notice::Info) &priority=10 return; # This should only be done for notices that are being sent to email. - if ( ACTION_EMAIL !in n$action ) + if ( ACTION_EMAIL !in n$actions ) return; local output = ""; 
@@ -37,4 +38,4 @@ event Notice::notice(n: Notice::Info) &priority=10 if ( output != "" ) n$email_body_sections[|n$email_body_sections|] = output; - } \ No newline at end of file + } diff --git a/scripts/base/frameworks/notice/weird.bro b/scripts/base/frameworks/notice/weird.bro index 4718dc204a..556b34432a 100644 --- a/scripts/base/frameworks/notice/weird.bro +++ b/scripts/base/frameworks/notice/weird.bro @@ -1,3 +1,6 @@ +@load base/utils/conn-ids +@load base/utils/site +@load ./main module Weird; diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.bro index b030e763f0..74ea4bc6de 100644 --- a/scripts/base/frameworks/packet-filter/main.bro +++ b/scripts/base/frameworks/packet-filter/main.bro @@ -4,6 +4,8 @@ ##! open filter and all filters defined in Bro scripts with the ##! :bro:id:`capture_filters` and :bro:id:`restrict_filters` variables. +@load base/frameworks/notice/main + module PacketFilter; export { diff --git a/scripts/base/frameworks/packet-filter/netstats.bro b/scripts/base/frameworks/packet-filter/netstats.bro index 887c7222e0..081b2d753e 100644 --- a/scripts/base/frameworks/packet-filter/netstats.bro +++ b/scripts/base/frameworks/packet-filter/netstats.bro @@ -1,5 +1,7 @@ ##! This script reports on packet loss from the various packet sources. +@load base/frameworks/notice/main + module PacketFilter; export { diff --git a/scripts/base/frameworks/signatures/main.bro b/scripts/base/frameworks/signatures/main.bro index 9f218ab144..d84223af13 100644 --- a/scripts/base/frameworks/signatures/main.bro +++ b/scripts/base/frameworks/signatures/main.bro @@ -1,5 +1,7 @@ ##! Script level signature support. +@load base/frameworks/notice/main + module Signatures; export { diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.bro index e35902aff1..7f9a55673b 100644 --- a/scripts/base/frameworks/software/main.bro +++ b/scripts/base/frameworks/software/main.bro 
@@ -4,6 +4,9 @@ ##! that they analyze. The entry point for providing new software detections ##! to this framework is through the :bro:id:`Software::found` function. +@load base/utils/directions-and-hosts +@load base/utils/numbers + module Software; export { diff --git a/scripts/base/protocols/conn/contents.bro b/scripts/base/protocols/conn/contents.bro index 21945beed5..feabb1303c 100644 --- a/scripts/base/protocols/conn/contents.bro +++ b/scripts/base/protocols/conn/contents.bro @@ -8,6 +8,8 @@ ##! This script does not work well in a cluster context unless it has a ##! remotely mounted disk to write the content files to. +@load base/utils/files + module Conn; export { diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.bro index 69c4cde64b..1af80bc18d 100644 --- a/scripts/base/protocols/conn/main.bro +++ b/scripts/base/protocols/conn/main.bro @@ -1,3 +1,4 @@ +@load base/utils/site module Conn; diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro index 59ade654d4..eff1b4c4f0 100644 --- a/scripts/base/protocols/dns/main.bro +++ b/scripts/base/protocols/dns/main.bro @@ -1,3 +1,4 @@ +@load ./consts module DNS; diff --git a/scripts/base/protocols/ftp/file-extract.bro b/scripts/base/protocols/ftp/file-extract.bro index 5ebe0ec63c..c638e90a65 100644 --- a/scripts/base/protocols/ftp/file-extract.bro +++ b/scripts/base/protocols/ftp/file-extract.bro @@ -1,5 +1,8 @@ ##! File extraction for FTP. +@load ./main +@load base/utils/files + module FTP; export { @@ -62,4 +65,4 @@ event log_ftp(rec: Info) &priority=-10 { delete rec$extraction_file; delete rec$extract_file; - } \ No newline at end of file + } diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro index bf32ba3114..9dd6a4b6d2 100644 --- a/scripts/base/protocols/ftp/main.bro +++ b/scripts/base/protocols/ftp/main.bro 
@@ -7,6 +7,10 @@ ##! ##! * Handle encrypted sessions correctly (get an example?) +@load ./utils-commands +@load base/utils/paths +@load base/utils/numbers + module FTP; export { diff --git a/scripts/base/protocols/http/file-extract.bro b/scripts/base/protocols/http/file-extract.bro index 24ee1d8b93..d36d95e475 100644 --- a/scripts/base/protocols/http/file-extract.bro +++ b/scripts/base/protocols/http/file-extract.bro @@ -1,6 +1,10 @@ ##! Extracts the items from HTTP traffic, one per file. At this time only ##! the message body from the server can be extracted with this script. +@load ./main +@load ./file-ident +@load base/utils/files + module HTTP; export { diff --git a/scripts/base/protocols/http/file-hash.bro b/scripts/base/protocols/http/file-hash.bro index 26f8abf51a..6da624728d 100644 --- a/scripts/base/protocols/http/file-hash.bro +++ b/scripts/base/protocols/http/file-hash.bro @@ -1,5 +1,7 @@ ##! Calculate hashes for HTTP body transfers. +@load ./file-ident + module HTTP; export { diff --git a/scripts/base/protocols/http/file-ident.bro b/scripts/base/protocols/http/file-ident.bro index 082adf75d3..0803d8680d 100644 --- a/scripts/base/protocols/http/file-ident.bro +++ b/scripts/base/protocols/http/file-ident.bro @@ -1,6 +1,11 @@ ##! This script is involved in the identification of file types in HTTP ##! response bodies. +@load base/frameworks/signatures/main +@load base/frameworks/notice/main +@load base/protocols/http/main +@load base/protocols/http/utils + # Add the magic number signatures to the core signature set. redef signature_files += "base/protocols/http/file-ident.sig"; # Ignore the signatures used to match files diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro index 172fb2bd1c..f51b49b93c 100644 --- a/scripts/base/protocols/http/main.bro +++ b/scripts/base/protocols/http/main.bro @@ -1,3 +1,4 @@ +@load base/utils/numbers module HTTP; 
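Review bot: In scripts/base/protocols/http/file-ident.bro the two added loads of the script's own package use full paths (`@load base/protocols/http/main`, `@load base/protocols/http/utils`), while the sibling hunks in this commit (http/file-extract.bro, http/file-hash.bro, http/utils.bro) use the relative form. Writing them as `@load ./main` and `@load ./utils` keeps the package consistent. It also ties the dependency to the copy beside this file instead of whichever `base/protocols/http` directory the script search path resolves first. The two framework loads (`base/frameworks/signatures/main`, `base/frameworks/notice/main`) are fine as written.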
diff --git a/scripts/base/protocols/http/partial-content.bro b/scripts/base/protocols/http/partial-content.bro index 130cc0db28..cc34dd6df6 100644 --- a/scripts/base/protocols/http/partial-content.bro +++ b/scripts/base/protocols/http/partial-content.bro @@ -3,6 +3,10 @@ ##! ##! This script doesn't work yet and isn't loaded by default. +@load base/frameworks/notice/main +@load ./main +@load ./utils + module HTTP; export { diff --git a/scripts/base/protocols/http/utils.bro b/scripts/base/protocols/http/utils.bro index 716b1c608b..6e2583bc75 100644 --- a/scripts/base/protocols/http/utils.bro +++ b/scripts/base/protocols/http/utils.bro @@ -1,5 +1,7 @@ ##! Utilities specific for HTTP processing. +@load ./main + module HTTP; export { diff --git a/scripts/base/protocols/irc/dcc-send.bro b/scripts/base/protocols/irc/dcc-send.bro index 1b8dc67c25..92d73e70bf 100644 --- a/scripts/base/protocols/irc/dcc-send.bro +++ b/scripts/base/protocols/irc/dcc-send.bro @@ -8,6 +8,9 @@ ##! Example line from IRC server indicating that the DCC SEND is about to start: ##! PRIVMSG my_nick :^ADCC SEND whateverfile.zip 3640061780 1026 41709^A +@load ./main +@load base/utils/files + module IRC; export { diff --git a/scripts/base/protocols/mime/__load__.bro b/scripts/base/protocols/mime/__load__.bro index 36e9f16426..86098bb598 100644 --- a/scripts/base/protocols/mime/__load__.bro +++ b/scripts/base/protocols/mime/__load__.bro @@ -1,4 +1,4 @@ -@load protocols/mime/base -@load protocols/mime/file-ident -@load protocols/mime/file-extract -@load protocols/mime/file-hash +@load ./base +@load ./file-ident +@load ./file-extract +@load ./file-hash diff --git a/scripts/base/protocols/mime/base.bro b/scripts/base/protocols/mime/base.bro index d0212870a4..df495387d7 100644 --- a/scripts/base/protocols/mime/base.bro +++ b/scripts/base/protocols/mime/base.bro 
@@ -1,7 +1,7 @@ ##! The mime script does analysis of MIME encoded messages seen in certain ##! protocols (only SMTP and POP3 at the moment). -@load utils/strings +@load base/utils/strings module MIME; diff --git a/scripts/base/protocols/mime/file-extract.bro b/scripts/base/protocols/mime/file-extract.bro index d6989ad809..33d2c70513 100644 --- a/scripts/base/protocols/mime/file-extract.bro +++ b/scripts/base/protocols/mime/file-extract.bro @@ -1,5 +1,5 @@ -@load protocols/mime/file-ident -@load utils/files +@load ./file-ident +@load base/utils/files module MIME; @@ -57,4 +57,4 @@ event mime_end_entity(c: connection) &priority=-3 if ( c$mime?$extraction_file ) close(c$mime$extraction_file); } - \ No newline at end of file + diff --git a/scripts/base/protocols/mime/file-hash.bro b/scripts/base/protocols/mime/file-hash.bro index 3384928d58..4be2811e43 100644 --- a/scripts/base/protocols/mime/file-hash.bro +++ b/scripts/base/protocols/mime/file-hash.bro @@ -1,4 +1,5 @@ -@load protocols/mime/file-ident +@load ./file-ident +@load base/frameworks/notice/main module MIME; @@ -75,4 +76,4 @@ event mime_end_entity(c: connection) &priority=-3 NOTICE([$note=MD5, $msg=fmt("Calculated a hash for a MIME entity from %s", c$id$orig_h), $sub=c$mime$md5, $conn=c]); } - } \ No newline at end of file + } diff --git a/scripts/base/protocols/mime/file-ident.bro b/scripts/base/protocols/mime/file-ident.bro index ba5310d362..346fde1bba 100644 --- a/scripts/base/protocols/mime/file-ident.bro +++ b/scripts/base/protocols/mime/file-ident.bro @@ -1,4 +1,4 @@ -@load protocols/mime/base +@load ./base module MIME; diff --git a/scripts/base/protocols/rpc/base.bro b/scripts/base/protocols/rpc/base.bro index 936684a728..36a524c880 100644 --- a/scripts/base/protocols/rpc/base.bro +++ b/scripts/base/protocols/rpc/base.bro @@ -8,6 +8,8 @@ # programs for which we don't have an analyzer. # +@load base/utils/conn-ids + module RPC; export { 
diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.bro index e034a459d4..bebd902ebc 100644 --- a/scripts/base/protocols/smtp/main.bro +++ b/scripts/base/protocols/smtp/main.bro @@ -1,3 +1,6 @@ +@load base/frameworks/notice/main +@load base/utils/addrs +@load base/utils/directions-and-hosts module SMTP; diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 7cc87b6684..1d1747a2fe 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -1,3 +1,7 @@ +@load base/frameworks/notice/main +@load base/utils/site +@load base/utils/thresholds +@load base/utils/conn-ids module SSH; diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index 775b59a6e5..696131d2fb 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -1,3 +1,5 @@ +@load ./consts +@load base/frameworks/notice/main module SSL; diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.bro index 0df3e0b9f2..2e89d83d6e 100644 --- a/scripts/base/protocols/ssl/mozilla-ca-list.bro +++ b/scripts/base/protocols/ssl/mozilla-ca-list.bro 
@@ -1,6 +1,6 @@ # Don't edit! This file is automatically generated. # Generated at: Wed Jun 29 07:52:38 -0400 2011 - +@load base/protocols/ssl/main module SSL; redef root_certs += { ["GTE CyberTrust Global Root"] = "\x30\x82\x02\x5A\x30\x82\x01\xC3\x02\x02\x01\xA5\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x47\x54\x45\x20\x43\x6F\x72\x70\x6F\x72\x61\x74\x69\x6F\x6E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x53\x6F\x6C\x75\x74\x69\x6F\x6E\x73\x2C\x20\x49\x6E\x63\x2E\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x39\x38\x30\x38\x31\x33\x30\x30\x32\x39\x30\x30\x5A\x17\x0D\x31\x38\x30\x38\x31\x33\x32\x33\x35\x39\x30\x30\x5A\x30\x75\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x18\x30\x16\x06\x03\x55\x04\x0A\x13\x0F\x47\x54\x45\x20\x43\x6F\x72\x70\x6F\x72\x61\x74\x69\x6F\x6E\x31\x27\x30\x25\x06\x03\x55\x04\x0B\x13\x1E\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x53\x6F\x6C\x75\x74\x69\x6F\x6E\x73\x2C\x20\x49\x6E\x63\x2E\x31\x23\x30\x21\x06\x03\x55\x04\x03\x13\x1A\x47\x54\x45\x20\x43\x79\x62\x65\x72\x54\x72\x75\x73\x74\x20\x47\x6C\x6F\x62\x61\x6C\x20\x52\x6F\x6F\x74\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\x95\x0F\xA0\xB6\xF0\x50\x9C\xE8\x7A\xC7\x88\xCD\xDD\x17\x0E\x2E\xB0\x94\xD0\x1B\x3D\x0E\xF6\x94\xC0\x8A\x94\xC7\x06\xC8\x90\x97\xC8\xB8\x64\x1A\x7A\x7E\x6C\x3C\x53\xE1\x37\x28\x73\x60\x7F\xB2\x97\x53\x07\x9F\x53\xF9\x6D\x58\x94\xD2\xAF\x8D\x6D\x88\x67\x80\xE6\xED\xB2\x95\xCF\x72\x31\xCA\xA5\x1C\x72\xBA\x5C\x02\xE7\x64\x42\xE7\xF9\xA9\x2C\xD6\x3A\x0D\xAC\x8D\x42\xAA\x24\x01\x39\xE6\x9C\x3F\x01\x85\x57\x0D\x58\x87\x45\xF8\xD3\x85\xAA\x93\x69\x26\x85\x70\x48\x80\x3F\x12\x15\xC7
\x79\xB4\x1F\x05\x2F\x3B\x62\x99\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04\x05\x00\x03\x81\x81\x00\x6D\xEB\x1B\x09\xE9\x5E\xD9\x51\xDB\x67\x22\x61\xA4\x2A\x3C\x48\x77\xE3\xA0\x7C\xA6\xDE\x73\xA2\x14\x03\x85\x3D\xFB\xAB\x0E\x30\xC5\x83\x16\x33\x81\x13\x08\x9E\x7B\x34\x4E\xDF\x40\xC8\x74\xD7\xB9\x7D\xDC\xF4\x76\x55\x7D\x9B\x63\x54\x18\xE9\xF0\xEA\xF3\x5C\xB1\xD9\x8B\x42\x1E\xB9\xC0\x95\x4E\xBA\xFA\xD5\xE2\x7C\xF5\x68\x61\xBF\x8E\xEC\x05\x97\x5F\x5B\xB0\xD7\xA3\x85\x34\xC4\x24\xA7\x0D\x0F\x95\x93\xEF\xCB\x94\xD8\x9E\x1F\x9D\x5C\x85\x6D\xC7\xAA\xAE\x4F\x1F\x22\xB5\xCD\x95\xAD\xBA\xA7\xCC\xF9\xAB\x0B\x7A\x7F", diff --git a/scripts/base/utils/directions-and-hosts.bro b/scripts/base/utils/directions-and-hosts.bro index 6b387ef980..a88c4827a6 100644 --- a/scripts/base/utils/directions-and-hosts.bro +++ b/scripts/base/utils/directions-and-hosts.bro @@ -1,3 +1,4 @@ +@load ./site type Direction: enum { ## The connection originator is not within the locally-monitored network, diff --git a/scripts/policy/frameworks/communication/listen-clear.bro b/scripts/policy/frameworks/communication/listen-clear.bro index 1854e12f56..44fa197570 100644 --- a/scripts/policy/frameworks/communication/listen-clear.bro +++ b/scripts/policy/frameworks/communication/listen-clear.bro @@ -1,5 +1,7 @@ ##! Listen for other Bro instances to make unencrypted connections. +@load base/frameworks/communication/main + module Communication; export { diff --git a/scripts/policy/frameworks/communication/listen-ssl.bro b/scripts/policy/frameworks/communication/listen-ssl.bro index fe6304206f..f4e7f955b7 100644 --- a/scripts/policy/frameworks/communication/listen-ssl.bro +++ b/scripts/policy/frameworks/communication/listen-ssl.bro @@ -1,5 +1,7 @@ ##! Listen for other Bro instances and encrypt the connection with SSL. +@load base/frameworks/communication/main + module Communication; export { 
diff --git a/scripts/policy/frameworks/control/controllee.bro b/scripts/policy/frameworks/control/controllee.bro index 518336abd8..abddaec5b0 100644 --- a/scripts/policy/frameworks/control/controllee.bro +++ b/scripts/policy/frameworks/control/controllee.bro @@ -1,4 +1,4 @@ - +@load base/frameworks/control/main # If an instance is a controllee, it implicitly needs to listen for remote # connections. @load frameworks/communication/listen-clear diff --git a/scripts/policy/frameworks/control/controller.bro b/scripts/policy/frameworks/control/controller.bro index 8c60ef457a..4f1021ffc6 100644 --- a/scripts/policy/frameworks/control/controller.bro +++ b/scripts/policy/frameworks/control/controller.bro @@ -1,3 +1,5 @@ +@load base/frameworks/control/main +@load base/frameworks/communication/main module Control; @@ -99,4 +101,4 @@ event remote_connection_handshake_done(p: event_peer) &priority=-10 # Signal configuration update to peer. event Control::configuration_update_request(); } - } \ No newline at end of file + } diff --git a/scripts/policy/frameworks/dpd/detect-protocols.bro b/scripts/policy/frameworks/dpd/detect-protocols.bro index cbe81df889..2d6f4a936a 100644 --- a/scripts/policy/frameworks/dpd/detect-protocols.bro +++ b/scripts/policy/frameworks/dpd/detect-protocols.bro @@ -1,5 +1,9 @@ ##! Finds connections with protocols on non-standard ports with DPD. +@load base/frameworks/notice/main +@load base/utils/site +@load base/utils/conn-ids + module ProtocolDetector; export { diff --git a/scripts/policy/frameworks/dpd/packet-segment-logging.bro b/scripts/policy/frameworks/dpd/packet-segment-logging.bro index 2276b49e64..96acf9c99a 100644 --- a/scripts/policy/frameworks/dpd/packet-segment-logging.bro +++ b/scripts/policy/frameworks/dpd/packet-segment-logging.bro 
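Review bot: In controllee.bro the added `@load base/frameworks/control/main` replaces the blank first line, so the existing comment about listening for remote connections now sits directly under it and reads as if it described the new load; keep a blank line between them. The next context line loads `frameworks/communication/listen-clear`, which this same patch describes as accepting unencrypted connections, so a controllee appears to accept control events over a cleartext listener. That deserves a comment here, for example `# NOTE: listen-clear is unencrypted; prefer frameworks/communication/listen-ssl where the control channel crosses an untrusted network.` The hunk shows only the first four lines of the file, so whether the script restricts which peers may connect cannot be seen from here.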
@@ -4,6 +4,8 @@ ##! A caveat to logging packet data is that in some cases, the packet may ##! not be the packet that actually caused the protocol violation. +@load base/frameworks/dpd/main + module DPD; export { diff --git a/scripts/policy/frameworks/metrics/conn-example.bro b/scripts/policy/frameworks/metrics/conn-example.bro index e67117a7e0..10ea0efc34 100644 --- a/scripts/policy/frameworks/metrics/conn-example.bro +++ b/scripts/policy/frameworks/metrics/conn-example.bro @@ -1,3 +1,5 @@ +@load base/frameworks/metrics/main +@load base/utils/site redef enum Metrics::ID += { CONNS_ORIGINATED, @@ -17,4 +19,4 @@ event connection_established(c: connection) Metrics::add_data(CONNS_ORIGINATED, [$host=c$id$orig_h]); Metrics::add_data(CONNS_RESPONDED, [$host=c$id$resp_h]); } - \ No newline at end of file + diff --git a/scripts/policy/frameworks/metrics/http-example.bro b/scripts/policy/frameworks/metrics/http-example.bro index 904ec9a227..be3b3a66e7 100644 --- a/scripts/policy/frameworks/metrics/http-example.bro +++ b/scripts/policy/frameworks/metrics/http-example.bro @@ -1,4 +1,6 @@ - +@load base/frameworks/metrics/main +@load base/protocols/http/main +@load base/utils/site redef enum Metrics::ID += { HTTP_REQUESTS_BY_STATUS_CODE, @@ -19,4 +21,4 @@ event HTTP::log_http(rec: HTTP::Info) Metrics::add_data(HTTP_REQUESTS_BY_HOST_HEADER, [$index=rec$host]); if ( rec?$status_code ) Metrics::add_data(HTTP_REQUESTS_BY_STATUS_CODE, [$host=rec$id$orig_h, $index=fmt("%d", rec$status_code)]); - } \ No newline at end of file + } diff --git a/scripts/policy/frameworks/metrics/ssl-example.bro b/scripts/policy/frameworks/metrics/ssl-example.bro index e043690feb..0b544507dd 100644 --- a/scripts/policy/frameworks/metrics/ssl-example.bro +++ b/scripts/policy/frameworks/metrics/ssl-example.bro @@ -1,4 +1,5 @@ - +@load base/frameworks/metrics/main +@load base/protocols/ssl/main redef enum Metrics::ID += { SSL_SERVERNAME, 
@@ -19,4 +20,4 @@ event SSL::log_ssl(rec: SSL::Info) { if ( rec?$server_name ) Metrics::add_data(SSL_SERVERNAME, [$index=rec$server_name]); - } \ No newline at end of file + } diff --git a/scripts/policy/frameworks/software/version-changes.bro b/scripts/policy/frameworks/software/version-changes.bro index 3b562b5334..6837aa3140 100644 --- a/scripts/policy/frameworks/software/version-changes.bro +++ b/scripts/policy/frameworks/software/version-changes.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/frameworks/software/main module Software; diff --git a/scripts/policy/frameworks/software/vulnerable.bro b/scripts/policy/frameworks/software/vulnerable.bro index ec0348d563..1a046471ee 100644 --- a/scripts/policy/frameworks/software/vulnerable.bro +++ b/scripts/policy/frameworks/software/vulnerable.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/frameworks/software/main module Software; @@ -18,4 +20,4 @@ event log_software(rec: Info) { NOTICE([$note=Vulnerable_Version, $src=rec$host, $msg=software_fmt(rec)]); } - } \ No newline at end of file + } diff --git a/scripts/policy/integration/barnyard2/__load__.bro b/scripts/policy/integration/barnyard2/__load__.bro index 9e870eb7aa..ce5bad3fe8 100644 --- a/scripts/policy/integration/barnyard2/__load__.bro +++ b/scripts/policy/integration/barnyard2/__load__.bro @@ -1,3 +1,2 @@ -@load integration/barnyard2/types -@load integration/barnyard2/event -@load integration/barnyard2/base +@load ./types +@load ./base diff --git a/scripts/policy/integration/barnyard2/base.bro b/scripts/policy/integration/barnyard2/base.bro index f05ad0e9bf..f8ba48dd99 100644 --- a/scripts/policy/integration/barnyard2/base.bro +++ b/scripts/policy/integration/barnyard2/base.bro @@ -2,7 +2,7 @@ ##! Barnyard2 and logs them. In the future it will do more correlation ##! and derive new notices from the alerts. -@load integration/barnyard2/types +@load ./types module Barnyard2; 
diff --git a/scripts/policy/integration/barnyard2/event.bro b/scripts/policy/integration/barnyard2/event.bro deleted file mode 100644 index 5fa2747a28..0000000000 --- a/scripts/policy/integration/barnyard2/event.bro +++ /dev/null @@ -1,3 +0,0 @@ -## This is the event that Barnyard2 instances will send if they're -## configured with the bro_alert output plugin. -global barnyard_alert: event(id: Barnyard2::PacketID, alert: Barnyard2::AlertData, msg: string, data: string); diff --git a/scripts/policy/integration/barnyard2/types.bro b/scripts/policy/integration/barnyard2/types.bro index 9bc56773ef..6cfcbb9535 100644 --- a/scripts/policy/integration/barnyard2/types.bro +++ b/scripts/policy/integration/barnyard2/types.bro @@ -22,4 +22,11 @@ export { dst_ip: addr; dst_p: port; } &log; -} \ No newline at end of file + + ## This is the event that Barnyard2 instances will send if they're + ## configured with the bro_alert output plugin. + global barnyard_alert: event(id: Barnyard2::PacketID, + alert: Barnyard2::AlertData, + msg: string, + data: string); +} diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.bro index 72bdaf01a4..6fc59d4d15 100644 --- a/scripts/policy/protocols/conn/known-hosts.bro +++ b/scripts/policy/protocols/conn/known-hosts.bro @@ -3,6 +3,8 @@ ##! output provides an easy way to determine a count of the IP addresses in ##! use on a network per day. +@load base/utils/directions-and-hosts + module KnownHosts; export { diff --git a/scripts/policy/protocols/conn/known-services.bro b/scripts/policy/protocols/conn/known-services.bro index 35a19a14f0..3676cbb05b 100644 --- a/scripts/policy/protocols/conn/known-services.bro +++ b/scripts/policy/protocols/conn/known-services.bro 
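Review bot: Moving the `barnyard_alert` declaration into the `export` block of types.bro may change the event's name, because the deleted event.bro had no `module` line and so declared it in the global namespace. If types.bro declares `module Barnyard2;` above this hunk (not visible here), the event becomes `Barnyard2::barnyard_alert`. A Barnyard2 instance that still sends the unqualified `barnyard_alert` would then no longer reach the handler, and its alerts would be lost without any error. Please confirm the name the bro_alert output plugin sends and state it in the doc comment, e.g. `## Remote senders must use the fully qualified name Barnyard2::barnyard_alert.` If the unqualified name has to keep working, keep the declaration outside the module.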
@@ -3,6 +3,8 @@ ##! completed a TCP handshake with another host. If a protocol is detected ##! during the session, the protocol will also be logged. +@load base/utils/directions-and-hosts + module KnownServices; redef enum Log::ID += { KNOWN_SERVICES }; diff --git a/scripts/policy/protocols/conn/scan.bro b/scripts/policy/protocols/conn/scan.bro index fabb865093..a0e2408679 100644 --- a/scripts/policy/protocols/conn/scan.bro +++ b/scripts/policy/protocols/conn/scan.bro @@ -1,4 +1,4 @@ -@load frameworks/notice +@load base/frameworks/notice/main @load port-name module Scan; diff --git a/scripts/policy/protocols/dns/auth-addl.bro b/scripts/policy/protocols/dns/auth-addl.bro index ba21131f7c..dd00e59c2e 100644 --- a/scripts/policy/protocols/dns/auth-addl.bro +++ b/scripts/policy/protocols/dns/auth-addl.bro @@ -1,3 +1,4 @@ +@load base/protocols/dns/main redef dns_skip_all_auth = F; redef dns_skip_all_addl = F; diff --git a/scripts/policy/protocols/dns/detect-external-names.bro b/scripts/policy/protocols/dns/detect-external-names.bro index fd49fee183..f6f0e596cc 100644 --- a/scripts/policy/protocols/dns/detect-external-names.bro +++ b/scripts/policy/protocols/dns/detect-external-names.bro @@ -8,6 +8,9 @@ ##! to be within a local zone. :bro:id:`local_zones` variable **must** ##! be set appropriately for this detection. +@load base/frameworks/notice/main +@load base/utils/site + module DNS; export { diff --git a/scripts/policy/protocols/ftp/detect.bro b/scripts/policy/protocols/ftp/detect.bro index 4e69dec655..cb89599a93 100644 --- a/scripts/policy/protocols/ftp/detect.bro +++ b/scripts/policy/protocols/ftp/detect.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/protocols/ftp/main module FTP; @@ -21,4 +23,4 @@ event ftp_reply(c: connection, code: count, msg: string, cont_resp: bool) &prior NOTICE([$note=Site_Exec_Success, $conn=c, $msg=fmt("%s %s", c$ftp$cmdarg$cmd, c$ftp$cmdarg$arg)]); } - } \ No newline at end of file + } 
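Review bot: The scan.bro hunk (`@@ -1,4 +1,4 @@`) qualifies the notice load but leaves `@load port-name` as an unqualified path, which is presumably why the commit message still lists scan.bro as a known bare-mode failure. Nothing in the file records that, so the next reader cannot tell the remaining load is known to be unresolved. A marker next to it would help, for example `# FIXME: port-name does not resolve in bare mode, see #545`.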
diff --git a/scripts/policy/protocols/ftp/software.bro b/scripts/policy/protocols/ftp/software.bro index 918123bb4c..7dfd54ddca 100644 --- a/scripts/policy/protocols/ftp/software.bro +++ b/scripts/policy/protocols/ftp/software.bro @@ -6,6 +6,8 @@ ##! * Detect client software with password given for anonymous users ##! (e.g. cyberduck@example.net) +@load base/frameworks/software/main + module FTP; export { diff --git a/scripts/policy/protocols/http/detect-MHR.bro b/scripts/policy/protocols/http/detect-MHR.bro index 11e1d9f87e..adf0707205 100644 --- a/scripts/policy/protocols/http/detect-MHR.bro +++ b/scripts/policy/protocols/http/detect-MHR.bro @@ -4,6 +4,11 @@ ##! documentation for the protocols/http/file-hash.bro script to see how to ##! configure which transfers will have hashes calculated. +@load base/frameworks/notice/main +@load base/protocols/http/main +@load base/protocols/http/utils +@load base/protocols/http/file-hash + export { redef enum Notice::Type += { ## If the MD5 sum of a file transferred over HTTP diff --git a/scripts/policy/protocols/http/detect-intel.bro b/scripts/policy/protocols/http/detect-intel.bro index ebe6713c03..6da4d8d1e1 100644 --- a/scripts/policy/protocols/http/detect-intel.bro +++ b/scripts/policy/protocols/http/detect-intel.bro @@ -1,5 +1,9 @@ ##! Intelligence based HTTP detections. +@load base/protocols/http/main +@load base/protocols/http/utils +@load base/frameworks/intel/main + module HTTP; event log_http(rec: Info) @@ -14,4 +18,4 @@ event log_http(rec: Info) $sub=HTTP::build_url_http(rec), $id=rec$id]); } - } \ No newline at end of file + } diff --git a/scripts/policy/protocols/http/detect-sqli.bro b/scripts/policy/protocols/http/detect-sqli.bro index 45a2bdb205..c1e6281c6b 100644 --- a/scripts/policy/protocols/http/detect-sqli.bro +++ b/scripts/policy/protocols/http/detect-sqli.bro 
@@ -1,5 +1,9 @@ ##! SQL injection detection in HTTP. +@load base/frameworks/notice/main +@load base/frameworks/metrics/main +@load base/protocols/http/main + module HTTP; export { @@ -54,4 +58,4 @@ event http_request(c: connection, method: string, original_URI: string, Metrics::add_data(SQL_ATTACKS, [$host=c$id$orig_h]); Metrics::add_data(SQL_ATTACKS_AGAINST, [$host=c$id$resp_h]); } - } \ No newline at end of file + } diff --git a/scripts/policy/protocols/http/detect-webapps.bro b/scripts/policy/protocols/http/detect-webapps.bro index 350f0def98..493ea9b44b 100644 --- a/scripts/policy/protocols/http/detect-webapps.bro +++ b/scripts/policy/protocols/http/detect-webapps.bro @@ -1,3 +1,7 @@ +@load base/frameworks/signatures/main +@load base/frameworks/software/main +@load base/protocols/http/main +@load base/protocols/http/utils module HTTP; diff --git a/scripts/policy/protocols/http/headers.bro b/scripts/policy/protocols/http/headers.bro index 4451e876ec..dc3eddcbc0 100644 --- a/scripts/policy/protocols/http/headers.bro +++ b/scripts/policy/protocols/http/headers.bro @@ -1,5 +1,7 @@ ##! Extract and include the header keys used for each request in the log. +@load base/protocols/http/main + module HTTP; export { diff --git a/scripts/policy/protocols/http/software.bro b/scripts/policy/protocols/http/software.bro index 5a16b862a6..a7948d6a5b 100644 --- a/scripts/policy/protocols/http/software.bro +++ b/scripts/policy/protocols/http/software.bro @@ -1,5 +1,7 @@ ##! Software identification and extraction for HTTP traffic. +@load base/frameworks/software/main + module HTTP; export { @@ -52,4 +54,4 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr Software::found(c$id, Software::parse(value, c$id$resp_h, WEB_APPSERVER)); } } - } \ No newline at end of file + } diff --git a/scripts/policy/protocols/http/var-extraction-cookies.bro b/scripts/policy/protocols/http/var-extraction-cookies.bro index b30be9d2c1..2b3f282b03 100644 
--- a/scripts/policy/protocols/http/var-extraction-cookies.bro +++ b/scripts/policy/protocols/http/var-extraction-cookies.bro @@ -1,5 +1,8 @@ ##! This script extracts and logs variables from cookies sent by clients +@load base/protocols/http/main +@load base/protocols/http/utils + module HTTP; redef record Info += { diff --git a/scripts/policy/protocols/http/var-extraction-uri.bro b/scripts/policy/protocols/http/var-extraction-uri.bro index a6e6b1d971..32ea147961 100644 --- a/scripts/policy/protocols/http/var-extraction-uri.bro +++ b/scripts/policy/protocols/http/var-extraction-uri.bro @@ -1,5 +1,8 @@ ##! This script extracts and logs variables from the requested URI +@load base/protocols/http/main +@load base/protocols/http/utils + module HTTP; redef record Info += { diff --git a/scripts/policy/protocols/smtp/detect-suspicious-orig.bro b/scripts/policy/protocols/smtp/detect-suspicious-orig.bro index 26f667cfd6..8e85b8db97 100644 --- a/scripts/policy/protocols/smtp/detect-suspicious-orig.bro +++ b/scripts/policy/protocols/smtp/detect-suspicious-orig.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/protocols/smtp/main module SMTP; diff --git a/scripts/policy/protocols/smtp/software.bro b/scripts/policy/protocols/smtp/software.bro index 09bc59c636..2099c89dc6 100644 --- a/scripts/policy/protocols/smtp/software.bro +++ b/scripts/policy/protocols/smtp/software.bro @@ -7,6 +7,9 @@ ##! * Find some heuristic to determine if email was sent through ##! a MS Exhange webmail interface as opposed to a desktop client. +@load base/frameworks/software/main +@load base/protocols/smtp/main + module SMTP; export { diff --git a/scripts/policy/protocols/ssh/software.bro b/scripts/policy/protocols/ssh/software.bro index d40ad513c8..ea04d44370 100644 --- a/scripts/policy/protocols/ssh/software.bro +++ b/scripts/policy/protocols/ssh/software.bro @@ -1,3 +1,4 @@ +@load base/frameworks/software/main module SSH; 
diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro index a8815dca07..7bff4bbf38 100644 --- a/scripts/policy/protocols/ssl/known-certs.bro +++ b/scripts/policy/protocols/ssl/known-certs.bro @@ -1,3 +1,4 @@ +@load base/utils/directions-and-hosts module KnownCerts; diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro index 43920557f4..3e457c72ea 100644 --- a/scripts/policy/protocols/ssl/validate-certs.bro +++ b/scripts/policy/protocols/ssl/validate-certs.bro @@ -1,3 +1,5 @@ +@load base/frameworks/notice/main +@load base/protocols/ssl/main module SSL; diff --git a/scripts/policy/tuning/defaults/remove-high-volume-notices.bro b/scripts/policy/tuning/defaults/remove-high-volume-notices.bro index 1133bf952b..68c22aeb3f 100644 --- a/scripts/policy/tuning/defaults/remove-high-volume-notices.bro +++ b/scripts/policy/tuning/defaults/remove-high-volume-notices.bro @@ -1,6 +1,9 @@ ##! This strives to tune out high volume and less useful data ##! from the notice log. +@load base/frameworks/notice/main +@load base/frameworks/notice/weird + # Remove these notices from logging since they can be too noisy. redef Notice::ignored_types += { Weird::Content_Gap, diff --git a/scripts/policy/tuning/defaults/warnings.bro b/scripts/policy/tuning/defaults/warnings.bro index ea8f18c3bc..cedc3d62ad 100644 --- a/scripts/policy/tuning/defaults/warnings.bro +++ b/scripts/policy/tuning/defaults/warnings.bro @@ -2,8 +2,10 @@ ##! good to set in most cases or other things that could be done to achieve ##! better detection. +@load base/utils/site + event bro_init() &priority=-10 { if ( |Site::local_nets| == 0 ) print "WARNING: No Site::local_nets have been defined. It's usually a good idea to define your local networks."; - } \ No newline at end of file + } diff --git a/scripts/policy/tuning/track-all-assets.bro b/scripts/policy/tuning/track-all-assets.bro index fe61ff93b6..40fa6913df 100644 
--- a/scripts/policy/tuning/track-all-assets.bro +++ b/scripts/policy/tuning/track-all-assets.bro @@ -1,4 +1,4 @@ - +@load base/frameworks/software/main @load protocols/conn/known-hosts @load protocols/conn/known-services @load protocols/ssl/known-certs diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index a42ef893fc..49f123f880 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro @@ -19,7 +19,6 @@ @load frameworks/software/vulnerable.bro @load integration/barnyard2/__load__.bro @load integration/barnyard2/base.bro -@load integration/barnyard2/event.bro @load integration/barnyard2/types.bro @load misc/analysis-groups.bro @load misc/loaded-scripts.bro diff --git a/testing/btest/Baseline/policy.misc.bare-mode-coverage/unique_errors b/testing/btest/Baseline/policy.misc.bare-mode-coverage/unique_errors new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/btest/policy/misc/bare-mode-coverage.test b/testing/btest/policy/misc/bare-mode-coverage.test new file mode 100644 index 0000000000..40cd5ab76e --- /dev/null +++ b/testing/btest/policy/misc/bare-mode-coverage.test @@ -0,0 +1,8 @@ +# Makes sure any given policy script in the scripts/ tree can be loaded in +# bare mode. btest-bg-run/btest-bg-wait are used to kill off scripts that +# block after loading, e.g. start listening on a socket. +# +# @TEST-EXEC: test -e $DIST/scripts +# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro`; do echo $script;if [[ "$script" =~ listen-clear|listen-ssl|controllee ]]; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0 +# @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors +# @TEST-EXEC: btest-diff unique_errors 
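Review bot: The loop in the second `@TEST-EXEC` line of bare-mode-coverage.test captures only stderr and ends with `|| exit 0`, so a script that makes `bro -b` exit non-zero without printing anything, or a failure of the loop itself, still passes. Recording the status closes that gap, e.g. `bro -b "$script" 2>>allerrors || echo "$script: exit status $?" >>allerrors`. Only scripts matching `listen-clear|listen-ssl|controllee` run under `btest-bg-run`/`btest-bg-wait -k 2`; any other script that blocks after loading runs in the foreground with no time limit and would hang the suite, so the header comment should say that new blocking scripts must be added to that pattern. `[[ ... =~ ... ]]` is a bash construct and `$DIST`/`$script` are unquoted, so the line depends on which shell btest uses and on paths without whitespace. The `unique_errors` baseline added in this commit appears to be empty while the commit message says the test still fails for hot.conn.bro and scan.bro, which is worth stating in the test's header comment.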
diff --git a/testing/btest/policy/misc/check-bare-test-all-policy.bro b/testing/btest/policy/misc/check-bare-test-all-policy.bro deleted file mode 100644 index a3474942e3..0000000000 --- a/testing/btest/policy/misc/check-bare-test-all-policy.bro +++ /dev/null @@ -1,7 +0,0 @@ -# Makes sures test-all-policy.bro (which loads *all* other policy scripts) -# compiles correctly even in bare mode. -# -# @TEST-EXEC: bro -b %INPUT >output -# @TEST-EXEC: btest-diff output - -@load test-all-policy